Decrypt the IC program from a locked microcontroller's flash and EEPROM memory, then copy the firmware out of the MCU with a programmer and write the hex file to a new MCU for cloning.
A non-invasive IC crack does not require any initial preparation of the device under test. The attacker can either tap the wires to the device or plug it into a test circuit for analysis. Once found, such MCU cracks are easily scaled, and reproducing them costs very little.
In addition, they leave no tamper evidence after they are applied, so they are considered the most serious threat to the hardware security of any device. At the same time, it usually takes a lot of time and effort to find an IC program decryption method for any particular device.
This often involves reverse engineering the device, either by disassembling its software or by understanding its hardware layout.